kestrel-datasource-stixbundle


Namekestrel-datasource-stixbundle JSON
Version 1.8.0 PyPI version JSON
download
home_page
SummaryKestrel STIX-bundle Datasource Interface
upload_time2023-10-19 02:45:58
maintainer
docs_urlNone
author
requires_python>=3.8
licenseApache 2.0 License
keywords kestrel datasource interface stix bundle
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            .. image:: https://github.com/opencybersecurityalliance/kestrel-lang/raw/develop/logo/logo_w_text.svg
   :width: 432
   :alt: Kestrel Threat Hunting Language

.. image:: https://img.shields.io/pypi/pyversions/kestrel-lang
        :target: https://www.python.org/
        :alt: Python 3

.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
        :target: https://github.com/psf/black
        :alt: Code Style: Black

.. image:: https://codecov.io/gh/opencybersecurityalliance/kestrel-lang/branch/develop/graph/badge.svg?token=HM4ax10IW3
        :target: https://codecov.io/gh/opencybersecurityalliance/kestrel-lang
        :alt: Code Coverage

.. image:: https://img.shields.io/pypi/v/kestrel-lang
        :target: https://pypi.python.org/pypi/kestrel-lang
        :alt: Latest Version

.. image:: https://img.shields.io/pypi/dm/kestrel-lang
        :target: https://pypistats.org/packages/kestrel-lang
        :alt: PyPI Downloads

.. image:: https://readthedocs.org/projects/kestrel/badge/?version=latest
        :target: https://kestrel.readthedocs.io/en/latest/?badge=latest
        :alt: Documentation Status

|

**[News]** Kestrel session at `Black Hat USA 2023`_

--------

Kestrel is a threat hunting language aiming to make cyber threat hunting *fast*
by providing a layer of abstraction to build reusable, composable, and
shareable hunt-flow. Starting with:

#. `Black Hat USA 2022 session recording`_
#. `Black Hat USA 2022 Kestrel hunting lab`_
#. `Kestrel live tutorial in a cloud sandbox`_

The Goal
========

Software developers write Python or Swift than machine code to quickly turn
business logic into applications. Threat hunters write Kestrel to quickly turn
threat hypotheses into hunt-flow. We see threat hunting as an interactive
procedure to create customized intrusion detection systems on the fly, and
hunt-flow is to hunts as control-flow is to ordinary programs.

What does it mean by *hunt fast*?

- Do NOT write the same TTP pattern in different data source queries.
- Do NOT write one-time-use adapaters to connect hunt steps.
- Do NOT waste your existing analytic scripts/programs in future hunts.
- Do construct your hunt-flow from smaller reuseable hunt-flow.
- Do share your huntbook with your future self and your colleagues.
- Do get interactive feedback and revise hunt-flow on the fly.

|

.. image:: https://github.com/opencybersecurityalliance/data-bucket-kestrel/raw/main/images/github_homepage_animation.gif
   :width: 90%
   :target: https://www.youtube.com/watch?v=tASFWZfD7l8
   :alt: Kestrel Hunting Demo

Kestrel in a Nutshell
=====================

.. image:: https://github.com/opencybersecurityalliance/kestrel-lang/raw/develop/docs/images/overview.png
   :width: 100%
   :alt: Kestrel overview.

- **Kestrel language**: a threat hunting language for a human to express *what to
  hunt*.

  - expressing the knowledge of *what* in patterns, analytics, and hunt flows.
  - composing reusable hunting flows from individual hunting steps.
  - reasoning with human-friendly entity-based data representation abstraction.
  - thinking across heterogeneous data and threat intelligence sources.
  - applying existing public and proprietary detection logic as analytic hunt steps.
  - reusing and sharing individual hunting steps, hunt-flow, and entire huntbooks.

- **Kestrel runtime**: a machine interpreter that deals with *how to hunt*.

  - compiling the *what* against specific hunting platform instructions.
  - executing the compiled code locally and remotely.
  - assembling raw logs and records into entities for entity-based reasoning.
  - caching intermediate data and related records for fast response.
  - prefetching related logs and records for link construction between entities.
  - defining extensible interfaces for data sources and analytics execution.

Basic Concepts and Howto
========================

Visit `Kestrel documentation`_ to learn Kestrel:

- Learn concepts and syntax:

  - `A comprehensive introduction to Kestrel`_
  - `The two key concepts of Kestrel`_
  - `Interactive tutorial with quiz`_
  - `Language reference book`_

- Hunt in your environment:

  - `Kestrel runtime installation`_
  - `How to connect to your data sources`_
  - `How to execute an analytic hunt step in Python/Docker`_
  - `How to use Kestrel via API`_
  - `How to launch Kestrel as a Docker container`_

Kestrel Huntbooks And Analytics
===============================

- `Kestrel huntbook`_: community-contributed Kestrel huntbooks
- `Kestrel analytics`_: community-contributed Kestrel analytics

Kestrel Hunting Blogs
=====================

#. `Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks`_
#. `Practicing Backward And Forward Tracking Hunts on A Windows Host`_
#. `Building Your Own Kestrel Analytics and Sharing With the Community`_
#. `Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow`_
#. `Try Kestrel in a Cloud Sandbox`_
#. `Fun with securitydatasets.com and the Kestrel PowerShell Deobfuscator`_
#. `Kestrel Data Retrieval Explained`_

Talks And Demos
===============

Talk summary (visit `Kestrel documentation on talks`_ to learn details):

- 2023/08 `Black Hat USA 2023`_
- 2022/12 `Infosec Jupyterthon 2022`_ [`IJ'22 live hunt recording`_]
- 2022/08 `Black Hat USA 2022`_ [`BH'22 recording`_ | `BH'22 hunting lab`_]
- 2022/06 `Cybersecurity Automation Workshop`_
- 2022/04 `SC eSummit on Threat Hunting & Offense Security`_ (free to register/playback)
- 2021/12 `Infosec Jupyterthon 2021`_ [`IJ'21 live hunt recording`_]
- 2021/11 `BlackHat Europe 2021`_
- 2021/10 `SANS Threat Hunting Summit 2021`_: [`SANS'21 session recording`_]
- 2021/05 `RSA Conference 2021`_: [`RSA'21 session recording`_]

Connecting With The Community
=============================

- Join Kestrel slack channel:
  
  - Get a `slack invitation`_ to join `Open Cybersecurity Alliance workspace`_
  
    .. image:: https://opencyberallia.wpengine.com/wp-content/uploads/2022/03/OCA-logo-e1646689234325.png
       :width: 20%
       :alt: OCA logo
     
  - Join the *kestrel* channel to ask questions and connect with other hunters
  
- Contribute to the language development (`Apache License 2.0`_):

  - Create a `GitHub Issue`_ to report bugs and suggest new features
  - Follow the `contributing guideline`_ to submit your pull request
  - Refer to the `governance documentation`_ regarding PR merge, release, and vulnerability disclosure

- Share your huntbook and analytics:

  - `Kestrel huntbook`_
  - `Kestrel analytics`_




.. _Kestrel live tutorial in a cloud sandbox: https://mybinder.org/v2/gh/opencybersecurityalliance/kestrel-huntbook/HEAD?filepath=tutorial
.. _Kestrel documentation: https://kestrel.readthedocs.io/

.. _A comprehensive introduction to Kestrel: https://kestrel.readthedocs.io/en/stable/overview/
.. _The two key concepts of Kestrel: https://kestrel.readthedocs.io/en/stable/language/tac.html#key-concepts
.. _Interactive tutorial with quiz: https://mybinder.org/v2/gh/opencybersecurityalliance/kestrel-huntbook/HEAD?filepath=tutorial
.. _Kestrel runtime installation: https://kestrel.readthedocs.io/en/stable/installation/runtime.html
.. _How to connect to your data sources: https://kestrel.readthedocs.io/en/stable/installation/datasource.html
.. _How to execute an analytic hunt step in Python/Docker: https://kestrel.readthedocs.io/en/stable/installation/analytics.html
.. _Language reference book: https://kestrel.readthedocs.io/en/stable/language/commands.html
.. _How to use Kestrel via API: https://kestrel.readthedocs.io/en/stable/source/kestrel.session.html
.. _How to launch Kestrel as a Docker container: https://kestrel.readthedocs.io/en/stable/deployment/
.. _Kestrel documentation on talks: https://kestrel.readthedocs.io/en/stable/talks.html

.. _Kestrel huntbook: https://github.com/opencybersecurityalliance/kestrel-huntbook
.. _Kestrel analytics: https://github.com/opencybersecurityalliance/kestrel-analytics

.. _Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks: https://opencybersecurityalliance.org/huntbook-persistent-threat-discovery-kestrel/
.. _Practicing Backward And Forward Tracking Hunts on A Windows Host: https://opencybersecurityalliance.org/backward-and-forward-tracking-hunts-on-a-windows-host/
.. _Building Your Own Kestrel Analytics and Sharing With the Community: https://opencybersecurityalliance.org/kestrel-custom-analytics/
.. _Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow: https://opencybersecurityalliance.org/kestrel-sysflow-open-hunting-stack/
.. _Try Kestrel in a Cloud Sandbox: https://opencybersecurityalliance.org/try-kestrel-in-a-cloud-sandbox/
.. _Fun with securitydatasets.com and the Kestrel PowerShell Deobfuscator: https://opencybersecurityalliance.org/fun-with-securitydatasets-com-and-the-kestrel-powershell-deobfuscator/
.. _Kestrel Data Retrieval Explained: https://opencybersecurityalliance.org/kestrel-data-retrieval-explained/

.. _RSA Conference 2021: https://www.rsaconference.com/Library/presentation/USA/2021/The%20Game%20of%20Cyber%20Threat%20Hunting%20The%20Return%20of%20the%20Fun
.. _RSA'21 session recording: https://www.youtube.com/watch?v=-Xb086R0JTk
.. _SANS Threat Hunting Summit 2021: https://www.sans.org/blog/a-visual-summary-of-sans-threat-hunting-summit-2021/
.. _SANS'21 session recording: https://www.youtube.com/watch?v=gyY5DAWLwT0
.. _BlackHat Europe 2021: https://www.blackhat.com/eu-21/arsenal/schedule/index.html#an-open-stack-for-threat-hunting-in-hybrid-cloud-with-connected-observability-25112
.. _Infosec Jupyterthon 2021: https://infosecjupyterthon.com/2021/agenda.html
.. _IJ'21 live hunt recording: https://www.youtube.com/embed/nMnHBnYfIaI?start=20557&end=22695
.. _Infosec Jupyterthon 2022: https://infosecjupyterthon.com/2022/agenda.html
.. _IJ'22 live hunt recording: https://www.youtube.com/embed/8Mw1yyYkeqM?start=23586&end=26545
.. _SC eSummit on Threat Hunting & Offense Security: https://www.scmagazine.com/esummit/automating-the-hunt-for-advanced-threats
.. _Cybersecurity Automation Workshop: http://www.cybersecurityautomationworkshop.org/
.. _Black Hat USA 2023: https://www.blackhat.com/us-23/arsenal/schedule/index.html#identity-threat-hunting-with-kestrel-33662
.. _Black Hat USA 2022: https://www.blackhat.com/us-22/arsenal/schedule/index.html#streamlining-and-automating-threat-hunting-with-kestrel-28014
.. _BH'22 recording: https://www.youtube.com/watch?v=tf1VLIpFefs
.. _Black Hat USA 2022 session recording: https://www.youtube.com/watch?v=tf1VLIpFefs
.. _BH'22 hunting lab: https://mybinder.org/v2/gh/opencybersecurityalliance/black-hat-us-2022/HEAD?filepath=demo
.. _Black Hat USA 2022 Kestrel hunting lab: https://mybinder.org/v2/gh/opencybersecurityalliance/black-hat-us-2022/HEAD?filepath=demo

.. _slack invitation: https://join.slack.com/t/open-cybersecurity/shared_invite/zt-19pliofsm-L7eSSB8yzABM2Pls1nS12w
.. _Open Cybersecurity Alliance workspace: https://open-cybersecurity.slack.com/
.. _GitHub Issue: https://github.com/opencybersecurityalliance/kestrel-lang/issues
.. _contributing guideline: CONTRIBUTING.rst
.. _governance documentation: GOVERNANCE.rst
.. _Apache License 2.0: LICENSE.md

            

Raw data

            {
    "_id": null,
    "home_page": "",
    "name": "kestrel-datasource-stixbundle",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": "Xiaokui Shu <xiaokui.shu@ibm.com>, Paul Coccoli <pcoccoli@us.ibm.com>",
    "keywords": "kestrel,datasource,interface,STIX bundle",
    "author": "",
    "author_email": "",
    "download_url": "https://files.pythonhosted.org/packages/bc/f3/dccc376666c5ef819d4e64269d6bbae280679066fadaf944eef27432564d/kestrel_datasource_stixbundle-1.8.0.tar.gz",
    "platform": null,
    "description": ".. image:: https://github.com/opencybersecurityalliance/kestrel-lang/raw/develop/logo/logo_w_text.svg\n   :width: 432\n   :alt: Kestrel Threat Hunting Language\n\n.. image:: https://img.shields.io/pypi/pyversions/kestrel-lang\n        :target: https://www.python.org/\n        :alt: Python 3\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n        :target: https://github.com/psf/black\n        :alt: Code Style: Black\n\n.. image:: https://codecov.io/gh/opencybersecurityalliance/kestrel-lang/branch/develop/graph/badge.svg?token=HM4ax10IW3\n        :target: https://codecov.io/gh/opencybersecurityalliance/kestrel-lang\n        :alt: Code Coverage\n\n.. image:: https://img.shields.io/pypi/v/kestrel-lang\n        :target: https://pypi.python.org/pypi/kestrel-lang\n        :alt: Latest Version\n\n.. image:: https://img.shields.io/pypi/dm/kestrel-lang\n        :target: https://pypistats.org/packages/kestrel-lang\n        :alt: PyPI Downloads\n\n.. image:: https://readthedocs.org/projects/kestrel/badge/?version=latest\n        :target: https://kestrel.readthedocs.io/en/latest/?badge=latest\n        :alt: Documentation Status\n\n|\n\n**[News]** Kestrel session at `Black Hat USA 2023`_\n\n--------\n\nKestrel is a threat hunting language aiming to make cyber threat hunting *fast*\nby providing a layer of abstraction to build reusable, composable, and\nshareable hunt-flow. Starting with:\n\n#. `Black Hat USA 2022 session recording`_\n#. `Black Hat USA 2022 Kestrel hunting lab`_\n#. `Kestrel live tutorial in a cloud sandbox`_\n\nThe Goal\n========\n\nSoftware developers write Python or Swift than machine code to quickly turn\nbusiness logic into applications. Threat hunters write Kestrel to quickly turn\nthreat hypotheses into hunt-flow. We see threat hunting as an interactive\nprocedure to create customized intrusion detection systems on the fly, and\nhunt-flow is to hunts as control-flow is to ordinary programs.\n\nWhat does it mean by *hunt fast*?\n\n- Do NOT write the same TTP pattern in different data source queries.\n- Do NOT write one-time-use adapaters to connect hunt steps.\n- Do NOT waste your existing analytic scripts/programs in future hunts.\n- Do construct your hunt-flow from smaller reuseable hunt-flow.\n- Do share your huntbook with your future self and your colleagues.\n- Do get interactive feedback and revise hunt-flow on the fly.\n\n|\n\n.. image:: https://github.com/opencybersecurityalliance/data-bucket-kestrel/raw/main/images/github_homepage_animation.gif\n   :width: 90%\n   :target: https://www.youtube.com/watch?v=tASFWZfD7l8\n   :alt: Kestrel Hunting Demo\n\nKestrel in a Nutshell\n=====================\n\n.. image:: https://github.com/opencybersecurityalliance/kestrel-lang/raw/develop/docs/images/overview.png\n   :width: 100%\n   :alt: Kestrel overview.\n\n- **Kestrel language**: a threat hunting language for a human to express *what to\n  hunt*.\n\n  - expressing the knowledge of *what* in patterns, analytics, and hunt flows.\n  - composing reusable hunting flows from individual hunting steps.\n  - reasoning with human-friendly entity-based data representation abstraction.\n  - thinking across heterogeneous data and threat intelligence sources.\n  - applying existing public and proprietary detection logic as analytic hunt steps.\n  - reusing and sharing individual hunting steps, hunt-flow, and entire huntbooks.\n\n- **Kestrel runtime**: a machine interpreter that deals with *how to hunt*.\n\n  - compiling the *what* against specific hunting platform instructions.\n  - executing the compiled code locally and remotely.\n  - assembling raw logs and records into entities for entity-based reasoning.\n  - caching intermediate data and related records for fast response.\n  - prefetching related logs and records for link construction between entities.\n  - defining extensible interfaces for data sources and analytics execution.\n\nBasic Concepts and Howto\n========================\n\nVisit `Kestrel documentation`_ to learn Kestrel:\n\n- Learn concepts and syntax:\n\n  - `A comprehensive introduction to Kestrel`_\n  - `The two key concepts of Kestrel`_\n  - `Interactive tutorial with quiz`_\n  - `Language reference book`_\n\n- Hunt in your environment:\n\n  - `Kestrel runtime installation`_\n  - `How to connect to your data sources`_\n  - `How to execute an analytic hunt step in Python/Docker`_\n  - `How to use Kestrel via API`_\n  - `How to launch Kestrel as a Docker container`_\n\nKestrel Huntbooks And Analytics\n===============================\n\n- `Kestrel huntbook`_: community-contributed Kestrel huntbooks\n- `Kestrel analytics`_: community-contributed Kestrel analytics\n\nKestrel Hunting Blogs\n=====================\n\n#. `Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks`_\n#. `Practicing Backward And Forward Tracking Hunts on A Windows Host`_\n#. `Building Your Own Kestrel Analytics and Sharing With the Community`_\n#. `Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow`_\n#. `Try Kestrel in a Cloud Sandbox`_\n#. `Fun with securitydatasets.com and the Kestrel PowerShell Deobfuscator`_\n#. `Kestrel Data Retrieval Explained`_\n\nTalks And Demos\n===============\n\nTalk summary (visit `Kestrel documentation on talks`_ to learn details):\n\n- 2023/08 `Black Hat USA 2023`_\n- 2022/12 `Infosec Jupyterthon 2022`_ [`IJ'22 live hunt recording`_]\n- 2022/08 `Black Hat USA 2022`_ [`BH'22 recording`_ | `BH'22 hunting lab`_]\n- 2022/06 `Cybersecurity Automation Workshop`_\n- 2022/04 `SC eSummit on Threat Hunting & Offense Security`_ (free to register/playback)\n- 2021/12 `Infosec Jupyterthon 2021`_ [`IJ'21 live hunt recording`_]\n- 2021/11 `BlackHat Europe 2021`_\n- 2021/10 `SANS Threat Hunting Summit 2021`_: [`SANS'21 session recording`_]\n- 2021/05 `RSA Conference 2021`_: [`RSA'21 session recording`_]\n\nConnecting With The Community\n=============================\n\n- Join Kestrel slack channel:\n  \n  - Get a `slack invitation`_ to join `Open Cybersecurity Alliance workspace`_\n  \n    .. image:: https://opencyberallia.wpengine.com/wp-content/uploads/2022/03/OCA-logo-e1646689234325.png\n       :width: 20%\n       :alt: OCA logo\n     \n  - Join the *kestrel* channel to ask questions and connect with other hunters\n  \n- Contribute to the language development (`Apache License 2.0`_):\n\n  - Create a `GitHub Issue`_ to report bugs and suggest new features\n  - Follow the `contributing guideline`_ to submit your pull request\n  - Refer to the `governance documentation`_ regarding PR merge, release, and vulnerability disclosure\n\n- Share your huntbook and analytics:\n\n  - `Kestrel huntbook`_\n  - `Kestrel analytics`_\n\n\n\n\n.. _Kestrel live tutorial in a cloud sandbox: https://mybinder.org/v2/gh/opencybersecurityalliance/kestrel-huntbook/HEAD?filepath=tutorial\n.. _Kestrel documentation: https://kestrel.readthedocs.io/\n\n.. _A comprehensive introduction to Kestrel: https://kestrel.readthedocs.io/en/stable/overview/\n.. _The two key concepts of Kestrel: https://kestrel.readthedocs.io/en/stable/language/tac.html#key-concepts\n.. _Interactive tutorial with quiz: https://mybinder.org/v2/gh/opencybersecurityalliance/kestrel-huntbook/HEAD?filepath=tutorial\n.. _Kestrel runtime installation: https://kestrel.readthedocs.io/en/stable/installation/runtime.html\n.. _How to connect to your data sources: https://kestrel.readthedocs.io/en/stable/installation/datasource.html\n.. _How to execute an analytic hunt step in Python/Docker: https://kestrel.readthedocs.io/en/stable/installation/analytics.html\n.. _Language reference book: https://kestrel.readthedocs.io/en/stable/language/commands.html\n.. _How to use Kestrel via API: https://kestrel.readthedocs.io/en/stable/source/kestrel.session.html\n.. _How to launch Kestrel as a Docker container: https://kestrel.readthedocs.io/en/stable/deployment/\n.. _Kestrel documentation on talks: https://kestrel.readthedocs.io/en/stable/talks.html\n\n.. _Kestrel huntbook: https://github.com/opencybersecurityalliance/kestrel-huntbook\n.. _Kestrel analytics: https://github.com/opencybersecurityalliance/kestrel-analytics\n\n.. _Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks: https://opencybersecurityalliance.org/huntbook-persistent-threat-discovery-kestrel/\n.. _Practicing Backward And Forward Tracking Hunts on A Windows Host: https://opencybersecurityalliance.org/backward-and-forward-tracking-hunts-on-a-windows-host/\n.. _Building Your Own Kestrel Analytics and Sharing With the Community: https://opencybersecurityalliance.org/kestrel-custom-analytics/\n.. _Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow: https://opencybersecurityalliance.org/kestrel-sysflow-open-hunting-stack/\n.. _Try Kestrel in a Cloud Sandbox: https://opencybersecurityalliance.org/try-kestrel-in-a-cloud-sandbox/\n.. _Fun with securitydatasets.com and the Kestrel PowerShell Deobfuscator: https://opencybersecurityalliance.org/fun-with-securitydatasets-com-and-the-kestrel-powershell-deobfuscator/\n.. _Kestrel Data Retrieval Explained: https://opencybersecurityalliance.org/kestrel-data-retrieval-explained/\n\n.. _RSA Conference 2021: https://www.rsaconference.com/Library/presentation/USA/2021/The%20Game%20of%20Cyber%20Threat%20Hunting%20The%20Return%20of%20the%20Fun\n.. _RSA'21 session recording: https://www.youtube.com/watch?v=-Xb086R0JTk\n.. _SANS Threat Hunting Summit 2021: https://www.sans.org/blog/a-visual-summary-of-sans-threat-hunting-summit-2021/\n.. _SANS'21 session recording: https://www.youtube.com/watch?v=gyY5DAWLwT0\n.. _BlackHat Europe 2021: https://www.blackhat.com/eu-21/arsenal/schedule/index.html#an-open-stack-for-threat-hunting-in-hybrid-cloud-with-connected-observability-25112\n.. _Infosec Jupyterthon 2021: https://infosecjupyterthon.com/2021/agenda.html\n.. _IJ'21 live hunt recording: https://www.youtube.com/embed/nMnHBnYfIaI?start=20557&end=22695\n.. _Infosec Jupyterthon 2022: https://infosecjupyterthon.com/2022/agenda.html\n.. _IJ'22 live hunt recording: https://www.youtube.com/embed/8Mw1yyYkeqM?start=23586&end=26545\n.. _SC eSummit on Threat Hunting & Offense Security: https://www.scmagazine.com/esummit/automating-the-hunt-for-advanced-threats\n.. _Cybersecurity Automation Workshop: http://www.cybersecurityautomationworkshop.org/\n.. _Black Hat USA 2023: https://www.blackhat.com/us-23/arsenal/schedule/index.html#identity-threat-hunting-with-kestrel-33662\n.. _Black Hat USA 2022: https://www.blackhat.com/us-22/arsenal/schedule/index.html#streamlining-and-automating-threat-hunting-with-kestrel-28014\n.. _BH'22 recording: https://www.youtube.com/watch?v=tf1VLIpFefs\n.. _Black Hat USA 2022 session recording: https://www.youtube.com/watch?v=tf1VLIpFefs\n.. _BH'22 hunting lab: https://mybinder.org/v2/gh/opencybersecurityalliance/black-hat-us-2022/HEAD?filepath=demo\n.. _Black Hat USA 2022 Kestrel hunting lab: https://mybinder.org/v2/gh/opencybersecurityalliance/black-hat-us-2022/HEAD?filepath=demo\n\n.. _slack invitation: https://join.slack.com/t/open-cybersecurity/shared_invite/zt-19pliofsm-L7eSSB8yzABM2Pls1nS12w\n.. _Open Cybersecurity Alliance workspace: https://open-cybersecurity.slack.com/\n.. _GitHub Issue: https://github.com/opencybersecurityalliance/kestrel-lang/issues\n.. _contributing guideline: CONTRIBUTING.rst\n.. _governance documentation: GOVERNANCE.rst\n.. _Apache License 2.0: LICENSE.md\n",
    "bugtrack_url": null,
    "license": "Apache 2.0 License",
    "summary": "Kestrel STIX-bundle Datasource Interface",
    "version": "1.8.0",
    "project_urls": {
        "Documentation": "https://kestrel.readthedocs.io/",
        "Homepage": "https://github.com/opencybersecurityalliance/kestrel-lang",
        "Repository": "https://github.com/opencybersecurityalliance/kestrel-lang.git"
    },
    "split_keywords": [
        "kestrel",
        "datasource",
        "interface",
        "stix bundle"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c8d9795334d857c90e55b5e6735090808c647908b4f2dc5e6c47b746fb065334",
                "md5": "ffcd9098ab3f7acd22e8cc897e593236",
                "sha256": "a15328af0fd00f5addb7c24b5c81912bb8d9b8af52385ca4b6c862505f616f49"
            },
            "downloads": -1,
            "filename": "kestrel_datasource_stixbundle-1.8.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "ffcd9098ab3f7acd22e8cc897e593236",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 7718,
            "upload_time": "2023-10-19T02:45:54",
            "upload_time_iso_8601": "2023-10-19T02:45:54.370455Z",
            "url": "https://files.pythonhosted.org/packages/c8/d9/795334d857c90e55b5e6735090808c647908b4f2dc5e6c47b746fb065334/kestrel_datasource_stixbundle-1.8.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "bcf3dccc376666c5ef819d4e64269d6bbae280679066fadaf944eef27432564d",
                "md5": "87555ff1a9122ebcec9823ffedaca726",
                "sha256": "0e91b23e5a2a81241dff37a1764772f5104a1fe6ddd975c27d45ec6166db67ec"
            },
            "downloads": -1,
            "filename": "kestrel_datasource_stixbundle-1.8.0.tar.gz",
            "has_sig": false,
            "md5_digest": "87555ff1a9122ebcec9823ffedaca726",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 10489,
            "upload_time": "2023-10-19T02:45:58",
            "upload_time_iso_8601": "2023-10-19T02:45:58.850207Z",
            "url": "https://files.pythonhosted.org/packages/bc/f3/dccc376666c5ef819d4e64269d6bbae280679066fadaf944eef27432564d/kestrel_datasource_stixbundle-1.8.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-10-19 02:45:58",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "opencybersecurityalliance",
    "github_project": "kestrel-lang",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "kestrel-datasource-stixbundle"
}
        
Elapsed time: 2.13081s